News & Commentary

Content posted in October 2016
Microsoft Launches Security Program For Azure IoT
News  |  10/31/2016  | 
As part of the program, Microsoft has partnered with security auditors who will examine customers' IoT infrastructure, find problems, and provide guidance.
US Should Help Private Sector 'Active Defense,' But Outlaw Hacking Back, Says Task Force
News  |  10/31/2016  | 
Task Force at George Washington University suggests ways for government to clear up legal quagmires, improve tools, keep us all out of trouble.
Google Warns Of Windows Zero-Day Under Attack
Quick Hits  |  10/31/2016  | 
'Critical' vulnerability found by Google has yet to be announced or fixed by Microsoft.
'Do Gooder Worm' Changes Default Passwords In Vulnerable IoT Devices
News  |  10/31/2016  | 
A security researcher has proposed an unusual approach for protecting Internet of Things devices against Mirai-like threats. It's not likely to see the light of day, either.
In A World With Automation, Where Does Human Intelligence Fit In?
Commentary  |  10/31/2016  | 
For all the talk about robots taking over jobs, there are still important roles for humans in incident response workflows of the not-too-distant future. Here are three.
Leak Of 1.3 Million Blood Donor Records Is Australia's Biggest Breach Ever
Quick Hits  |  10/31/2016  | 
Sensitive medical data of 550,000 Red Cross blood donors exposed online inadvertently in country's most damaging data breach to date.
US Bank Regulator Reports Major Security Breach
Quick Hits  |  10/31/2016  | 
Former employee of the Office of the Comptroller of the Currency downloads 10,000 records and cannot replace them.
The 4 Biggest Mistakes Businesses Make Trying To Secure Endpoints
Commentary  |  10/31/2016  | 
Sure, it's tempting to chase whatever collaboration technology is hot at the moment, but this can cause serious data security risks.
Preparing For Government Data Requests After Apple Vs. FBI
Dark Reading Videos  |  10/31/2016  | 
Jennifer Granick and Riana Pfefferkorn discuss lessons learned from the Apple-FBI case, and how security pros should be prepared if government data requests hit closer to home.
Is Your Business Prepared for the SaaS Tsunami?
Commentary  |  10/29/2016  | 
You don't always have to choose between security and productivity when faced with the challenges of Shadow IT.
And Now A PREDATOR To Fight DNS Domain Abuse
News  |  10/28/2016  | 
Researchers at Princeton and elsewhere demo a new tool for spotting people registering domains for malicious purposes.
5 Signs Your Smartphone Has Been Hacked
Slideshows  |  10/28/2016  | 
Mobile devices are increasingly popular vectors for cybercriminals targeting the enterprise. How to tell when a smartphone may be under attack.
Hacker Caught Attempting To Steal $1.5 Million From US Financial Institution
Quick Hits  |  10/28/2016  | 
Defendant faces charges of wire scam and hacking of government website attempting to steal $1.5 million.
A Ransomware Tutorial For SMBs
Commentary  |  10/28/2016  | 
Small-to-medium-sized businesses are an easy target for ransomware. Here are four tips that will minimize the risk.
US Charges Several In India Call Center Scam
Quick Hits  |  10/28/2016  | 
Authorities file charges against 61 in a phone fraud that cheated 15,000 out of $250 million via identity theft and impersonation.
How Clinton, Trump Could Champion Cybersecurity
News  |  10/27/2016  | 
The major party Presidential candidates, who both have experienced the aftermath of hacks and poor security practices of their own, could serve as 'poster children' and advocate for better cybersecurity, experts say.
'AtomBombing' Microsoft Windows Via Code Injection
News  |  10/27/2016  | 
Researchers have identified a new way to inject malicious code into Windows systems -- and it doesn't exploit a vulnerability.
How To Build A Strong Security Awareness Program
Commentary  |  10/27/2016  | 
To become more secure, focus your training and manage your top risks.
Jose Santana Pleads Guilty In Cell Phone Fraud Scheme
Quick Hits  |  10/27/2016  | 
Santana and co-conspirators committed identity theft costing victims $150,000, according to US Department of Justice.
Florida Man To Plead Guilty in JPMorgan, Bitcoin Hack Case
Quick Hits  |  10/27/2016  | 
In Manhattan District Court today Michael Murgio will admit to operating an illegal money transmitting business and paying a bribe to gain access to a credit union.
Healthcare Suffers Security Awareness Woes
News  |  10/27/2016  | 
Weak security practices are putting patient data at risk, new SecurityScorecard report shows.
DDoS On Dyn Used Malicious TCP, UDP Traffic
News  |  10/26/2016  | 
Dyn confirms Mirai IoT botnet was 'primary source' of the attack, with some 100,000 infected devices sending the bogus traffic.
Adobe Rushes Out Emergency Patch For Critical Flash Player Vulnerability
News  |  10/26/2016  | 
Exploit, available in the wild, is being used in attacks against Windows users, company warns.
Warning: Healthcare Data Under Attack
Partner Perspectives  |  10/26/2016  | 
We as an industry must demand greater protection of our medical data.
20 Endpoint Security Questions You Never Thought to Ask
Commentary  |  10/26/2016  | 
The endpoint detection and response market is exploding! Here's how to make sense of the options, dig deeper, and separate vendor fact from fiction.
Let's Clean Up The Internet By Taking Responsibility For Our Actions
Partner Perspectives  |  10/26/2016  | 
Imagine an Internet with multiple levels of security that users need to earn.
Virginia Sen. Mark Warner Questions State Of IoT Security
News  |  10/26/2016  | 
US Senator Mark Warner (D-Va.) asks federal agencies about necessary tools to prevent cybercriminals and others from hacking consumer products, including IoT devices.
New DDoS Attacks Could Reach Tens Of Terabits-Per-Second
Quick Hits  |  10/26/2016  | 
Network security company Corero says LDAP could amplify DDoS attacks by as much as 55x.
Getting To The 'Just Right' Level Of Encryption
Commentary  |  10/26/2016  | 
The key to unlocking secure business messaging is controlling who has the key.
Chinese Firm Defends Webcam Security After DDoS Attacks
Quick Hits  |  10/26/2016  | 
Hangzhou Xiongmai Technology says devices sold in the US before April 2015 will be recalled after attack on Dyn servers.
NHTSA Issues Cybersecurity Best Practices For Automakers
News  |  10/25/2016  | 
Focus is on limiting access to electronic components and what someone can do with that access.
CloudFanta Malware Targets Victims Via Cloud Storage App
News  |  10/25/2016  | 
The malware campaign uses the Sugarsync cloud storage app to distribute malware that steals user credentials and monitors online banking activity.
7 Scary Ransomware Families
Slideshows  |  10/25/2016  | 
Here are seven ransomware variants that can creep up on you.
US Officials: Russian Hackers Could Spread Online Rumors Of Voter Fraud
Quick Hits  |  10/25/2016  | 
US authorities ask election officials to be alert to false documents posted online to influence public perception.
St. Jude Implant Case: Expert Validates Muddy Waters Claim
Quick Hits  |  10/25/2016  | 
Cybersecurity firm Bishop Fox says tests have confirmed that cardiac devices made by St. Jude are susceptible to hacking.
Blockchain & The Battle To Secure Digital Identities
Commentary  |  10/25/2016  | 
This emerging technology is a promising way to verify transactions without compromising your digital identity.
Growing Fear Of IP Theft Hits Power, Auto, Industrial Sectors Hardest
News  |  10/25/2016  | 
Survey finds 58% of respondents predict a rise in IP cyber theft and most feel inside employees are the greatest risk.
'Root' & The New Age Of IoT-Based DDoS Attacks
News  |  10/24/2016  | 
Last Friday's massive DDoS that exploited online cameras and DVRs was simple to pull off -- and a new chapter in online attacks.
New Kovter Trojan Variant Spreading Via Targeted Email Campaign
News  |  10/24/2016  | 
The authors of a malware sample that has been around for more than two years have yet another trick for distributing it.
New Financial System Analysis & Resilience Center Formed
Quick Hits  |  10/24/2016  | 
Associated with Financial Services ISAC (FS-ISAC), the new FSARC works more closely with government partners for deeper threat analysis and systemic defense of financial sector.
Vendor Security Alliance To Improve Cybersecurity Of Third-Party Providers
Partner Perspectives  |  10/24/2016  | 
Member companies can use their VSA rating when offering their services, effectively skipping the process of verification done by prospective businesses.
5 Tips For Preventing IoT Hacks
News  |  10/24/2016  | 
The recent DDoS attack on Dyn was powered in part by a bot army of home devices. How not to let your webcam or other IoT system go rogue.
Deleting Email's Original Sin: An Historical Perspective
Commentary  |  10/24/2016  | 
Can DMARC do for email security what SSL certificates did for e-commerce?
Microsoft's New Patch Tuesday Model Comes With Benefits And Risks
News  |  10/24/2016  | 
Microsoft has transitioned its Patch Tuesday update process to a cumulative rollup model. What businesses need to know about the new patching regimen.
A Proactive Approach To Vulnerability Management: 3 Steps
Commentary  |  10/22/2016  | 
Having the tools to detect a breach is important, but what if you could prevent the attack from happening in the first place?
NSA Contractor Over 20 Years Stole More Than 50 Terabytes Of Gov't Data
News  |  10/21/2016  | 
Harold Martin, now in custody, is a risk to himself and others if freed from custody, a US prosecutor warns in a detailed filing in the case.
Cyber Training For First Responders To Crime Scene
Quick Hits  |  10/21/2016  | 
FBI ties up with police association and Carnegie Mellon University to improve working knowledge of cyber investigations.
DDoS Attack On DNS Provider Disrupts Okta, Twitter, Pinterest, Reddit, CNN, Others
News  |  10/21/2016  | 
Brief but widespread attack illuminated vulnerability of the Internet's Domain Name System (DNS) infrastructure.
Indian Banks Hit By Debit Card Security Breach
Quick Hits  |  10/21/2016  | 
Around 3.25 million debit cards affected by breach of 90 ATMs, prompting card replacement and PIN change.
Flipping Security Awareness Training
Commentary  |  10/21/2016  | 
Threats can be minimized when teams understand business goals and objectives. These four tips can help turn things around.


Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-11771
PUBLISHED: 2018-08-16
When reading a specially crafted ZIP archive, the read method of Apache Commons Compress 1.7 to 1.17's ZipArchiveInputStream can fail to return the correct EOF indication after the end of the stream has been reached. When combined with a java.io.InputStreamReader this can lead to an infinite stream,...
CVE-2018-1715
PUBLISHED: 2018-08-16
IBM Maximo Asset Management 7.6 through 7.6.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 14700...
CVE-2017-13106
PUBLISHED: 2018-08-15
Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13107
PUBLISHED: 2018-08-15
Live.me - live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13108
PUBLISHED: 2018-08-15
DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.